AndroidProjectCreator demo

Analysing an Android application, commonly referred to as an APK, can be done in a variety of ways. One can use APKTool to decode the application, thereby obtaining the manifest, the classes.dex, and the application’s resources. The classes.dex file can then be converted into a JAR using dex2jar, after which it can be decompiled.

All these applications require different command-line arguments, especially if one were to use the more advanced features. To simplify this process, I made and open-sourced AndroidProjectCreator. One can find the latest release here. This post serves as a short recap of the tool’s capabilities, together with information on its usage.

AndroidProjectCreator in a nutshell

AndroidProjectCreator is used to convert an APK into an Android Studio project with the help of a variety of open-source tools. One can run this tool on Windows, Linux distributions, and likely macOS. The latter should be able to run the latest version, but this has barely been tested.

Using Android Studio as an analysis environment allows the analyst to edit code wherever necessary in an always up-to-date environment. Decompiler mistakes can be fixed manually, or a different decompiler can be selected to generate a new Android Studio project. Multiple projects can be compared manually, allowing the analyst to work out what errors are made by the decompiler, if any are present.

One of the major advantages of using Android Studio to analyse and refactor code, when compared to syntax-highlighting text editors, is the handling of duplicate or partial names. If one were to rename a to getContext by literally replacing the string, errors will pop up. When your analysis environment understands the code's structure, there is no such problem. Example code to further illustrate this point is given below.

private String a;
private String anotherString;
 
private void a() {
    int a = 3;
    this.a = "test";
}
 
private void anotherFunction(Object a) {
    this.a = "secondTest";
}

The outcome of the above-mentioned literal string replacement is given below.

privgetContextte String getContext;
privgetContextte String getContextnotherString;
 
privgetContextte void getContext() {
    int getContext = 3;
    this.getContext = "test";
}
 
privgetContextte void getContextnotherFunction(Object getContext) {
    this.getContext = "secondTest";
}

Aside from the obvious errors, this example does not take into account that class and package names are also impacted in the same way. Android Studio allows one to refactor a specific variable, function, class, or package, without affecting the rest of the project.

The installation

The instructions to install AndroidProjectCreator can be found here. To install AndroidProjectCreator on REMnux, one can follow these instructions.

Updating the tool itself is simple, as one can simply replace the JAR with the new version. Backwards compatibility is ensured by default, unless explicitly stated otherwise.

Converting an APK

To convert an APK, one needs to specify one of the included decompilers. AndroidProjectCreator’s latest version, 1.4-stable, contains JD-CMD, part of JD-GUI, Fernflower, JAD-X, CFR, Procyon, and a plug-in script for those who own a JEB3 Pro license.

Aside from the decompiler, one should specify the location of the APK, as well as the desired location for the Android Studio project. Note that the Android Studio project location does not need to exist, as the missing folders will be created if need be. An example that decompiles an APK is given below.

java -jar AndroidProjectCreator.jar -decompile fernflower ~/samples/sms-stealer/sample.apk ./sms-stealer-fernflower

Note that the provided paths can either be given in full, or relative to the current working directory of the terminal. AndroidProjectCreator can also be executed in parallel, as conversion is handled within a uniquely named temporary folder, allowing users to include the tool in an automated process.
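One way to script such an automated run, as an added example that is not part of AndroidProjectCreator or the original post: it starts one conversion per decompiler keyword in parallel, writes each project to its own folder, and reports which conversions failed. The APC_JAR variable, the function names and the output layout are assumptions; fernflower is the only decompiler keyword shown above, so any other keyword must be taken from the tool's own documentation.

```shell
#!/bin/sh
# Added example: one AndroidProjectCreator run per decompiler, in parallel.
# Assumptions: APC_JAR location, function names, <out_root>/<apk>-<decompiler> layout.
APC_JAR="${APC_JAR:-./AndroidProjectCreator.jar}"

# project_dir OUT_ROOT APK DECOMPILER -> OUT_ROOT/<apk name without .apk>-DECOMPILER
project_dir() {
    printf '%s/%s-%s\n' "$1" "$(basename "$2" .apk)" "$3"
}

# Accept only plain lowercase keywords, so a value can never be read as an option or a path.
valid_keyword() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# convert_all APK OUT_ROOT DECOMPILER... ; returns 0 only if every conversion succeeded.
convert_all() {
    apk=$1; out_root=$2; shift 2
    [ -f "$apk" ] || { echo "no such APK: $apk" >&2; return 2; }
    mkdir -p "$out_root" || return 2
    pids=""
    for d in "$@"; do
        valid_keyword "$d" || { echo "skipping invalid keyword: $d" >&2; continue; }
        dest=$(project_dir "$out_root" "$apk" "$d")
        java -jar "$APC_JAR" -decompile "$d" "$apk" "$dest" > "$dest.log" 2>&1 &
        pids="$pids $!:$d"
    done
    failed=0
    for entry in $pids; do
        pid=${entry%%:*}; d=${entry#*:}
        if wait "$pid"; then
            echo "ok     $d"
        else
            echo "FAILED $d (see $(project_dir "$out_root" "$apk" "$d").log)"
            failed=1
        fi
    done
    return $failed
}

# Run only when called with arguments: script.sh sample.apk ./projects fernflower
if [ "$#" -ge 3 ]; then convert_all "$@"; fi
```

Each run's output is kept in a log file next to its project folder, so a decompiler that fails on a sample can be inspected without rerunning the others.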

Errors in the newly created Android Studio project are expected and are no reason to worry, as long as the IDE is able to understand and structure the code. When in doubt, one can refactor any class, function, or field. If this is possible, the IDE understands enough to help you during the analysis. If not, ensure that the correct build tools are installed.

Conclusion

One can easily and freely convert Android applications into an Android Studio project. This allows the analyst to harness the power of the official Android IDE when analysing and refactoring decompiled code. If there are any questions, feel free to contact me via any of the given methods below.

To contact me, you can e-mail me at [info][at][maxkersten][dot][nl], send me a PM on Reddit or DM me on Twitter @LibraAnalysis.